
The NIST AI RMF Is a Control Checklist, Not a Compliance Box
Voluntary on paper, de-facto expected in procurement.
Use the NIST AI RMF as a control checklist, not a compliance form. It's voluntary, but procurement and auditors increasingly treat it as the baseline. Work MAP and MEASURE first — inventory context, then run real evaluations — before claiming GOVERN and MANAGE. The generative profile lists 12 risks and 200-plus suggested actions: prioritise them, don't self-attest.
The Weights Desk · 5 min read- The RMF is voluntary, but procurement, auditors, and insurers increasingly treat it as the baseline — plan for de-facto binding.
- Four functions: GOVERN, MAP, MEASURE, MANAGE. MAP and MEASURE do the real work; start there, not with governance paperwork.
- The generative profile (NIST AI 600-1) names 12 GenAI risks and just over 200 suggested actions — a menu to prioritise, not a mandate to self-attest.
- The framework sets no pass/fail thresholds; you must define your own metrics and evidence, or the checklist becomes theater.
- Cherry-picking 'suggested' actions and self-attesting is the box-tick failure mode — wire each control to an eval you actually run.
Verdict: binding soon in practice — do MAP before you do paperwork
The NIST AI Risk Management Framework is voluntary; no statute makes you follow it (s1). Ignore that. Procurement questionnaires, insurers, and audit firms have already adopted it as the default vocabulary for 'did you manage AI risk,' which makes it binding-soon by contract even where it isn't binding by law. So the prioritised obligation is not to write a governance charter. It is to run MAP — enumerate the system's context, users, data, and plausible harms — then MEASURE those harms with evaluations you actually execute. Do that and the rest of the framework has something real to hang on. Skip it and GOVERN and MANAGE degrade into documents nobody tests.
The four functions are a checklist — two of them do the work
The RMF splits into GOVERN, MAP, MEASURE, and MANAGE, each broken into categories and subcategories you can read as line items (s1). GOVERN is the cross-cutting policy layer; MANAGE is triage and response. Both are easy to fake with prose. MAP and MEASURE are where an engineer earns the checkmark: MAP forces you to name the deployment context and who gets hurt when the model is wrong; MEASURE forces numbers — red-team results, benchmark deltas, drift, refusal and jailbreak rates — attached to those named risks. Read every subcategory as 'show me the artifact,' not 'assert compliance.' If a subcategory can't produce evidence, it isn't done.
The generative profile is a menu, not a mandate — and that's the trap
For LLMs and diffusion systems, NIST published the Generative AI Profile (NIST AI 600-1) in July 2024. It names 12 generative-specific risks — confabulation, a lowered barrier to cyber and CBRN misuse, data-privacy leakage, harmful bias, information-integrity failure, and more — and lists just over 200 suggested actions against them (s2). Here's the honest caveat: they are suggested. The framework sets no thresholds and no required metrics, so nothing stops a team from picking the ten easiest actions, self-attesting, and calling it governance (s1). That is the box-tick failure mode. Use the 200 as a prioritised menu instead: rank by your real exposure, wire each chosen action to a specific eval or control you run on a schedule, and record what you deliberately skipped and why. A short list you test beats a long list you assert. Untested at scale, a self-attested profile is worse than nothing — it manufactures confidence you didn't earn.
- Is the NIST AI RMF legally binding?
- No. It is voluntary guidance from NIST. But procurement contracts, audit firms, and insurers increasingly reference it, so treat it as binding-soon in practice.
- Where should a team actually start in the RMF?
- MAP — inventory the system's context, users, data, and plausible harms — then MEASURE those harms with evaluations you run. GOVERN and MANAGE come after, or they are just paperwork.
- What is the generative profile?
- NIST AI 600-1, released July 2024. It maps 12 generative-AI risks to just over 200 suggested actions across the RMF's four functions.